<!--
Auteur: Frank den Broeder
Stundentnummer: s1049444
Klas: IS1d
-->
<?php

include('test_database_login.php');

$myusername=$_POST['inlognaam']; 
$mypassword=$_POST['wachtwoord'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM users WHERE username='$myusername' AND password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
//Register $myusername, $mypassword and redirect to file "beheerwheninlogcomplete.php"
session_start();
$_SESSION['login'] = "1";
$_SESSION['username'] = $myusername;
header("location:index.php?page=login-complete");
}
else {
echo "Wrong Username or Password";
}
?>